Abstract
Virtualization techniques have recently been receiving more attention in mobile device security. In this study, we present SecureDom, a data-centric device security approach that aims to protect private, enterprise or sensitive data from various attacks and threats. To achieve this, we provide a mobile device security platform based on domain separation and propose three essential security functions that a secure domain (SD) should offer: an authentication/access control (AAC) module, a secure storage (STR) module and an encryption/key management (EKM) module. The AAC module applies two-factor authentication, by user and by app, for access to the SD; the STR module introduces the enhanced capabilities of a secure filesystem; and the EKM module is in charge of the security algorithms for data encryption, integrity validation or key generation. The EKM module can use an existing encryption module that is certified by a cryptographic validation program. The experiments show that notable overhead is incurred in the performance of the hypervisor-based virtualization engine and inter-domain communication (IDC), while the platform provides strong isolation of domains, IDC, filesystem and resources, as well as separation of processes.
Acknowledgments
This work was supported by the ICT R&D program of MSIP/IITP. [R0101-15-0195(10043959), Development of EAL 4 level military fusion security solution for protecting against unauthorized accesses and ensuring a trusted execution environment in mobile devices].
Cite this article
Park, SW., Kim, J. & Lee, D.G. SecureDom: secure mobile-sensitive information protection with domain separation. J Supercomput 72, 2682–2702 (2016). https://doi.org/10.1007/s11227-015-1578-6
DOI: https://doi.org/10.1007/s11227-015-1578-6